Corporate LDAP
How to configure External Authentication with corporate LDAP?
The below link tells how to configure Shared Services to support authentication of users stored in LDAP, refer to chap 10
http://download.oracle.com/docs/cd/E12032_01/doc/epm.921/hss_install.pdf
Similar Messages
-
EP 6.0 SP2: Users move in Corporate LDAP,
Hello,
my corporate LDAP was changed. All the users moves from O=x to O=y. Now no user can login.
When i add the new users to the Portal, they lost there personel settings.
Is it possible to manipulate the Database? Or ist their any other trick?
StephanHi Stephan,
if you move users in your LDAP-Directory you loose the role assignments because the roles are assigned to the DN (Distinguished Name) of the user. i.e: CN=user1, O=x, C=DE. So when you move the users from O=x to O=y the DN of the users changes and so the role assignment becomes invalid.
There is the possibility to change the uniqueID of users in the UME, so that it's not the DN but the CN, which in your case remains the same. You can do this be changing the attribute mapping in the UME.
More infos you can find here: http://help.sap.com/saphelp_ep60sp2/helpdata/en/b6/8b9aed8d7c11d5bdd8006094191908/frameset.htm
Be aware that if you change the uniqueID to CN you should also take care of the fact that the CN must be unique in the LDAP tree you use for the portal users. Also, a.f.a.i.k., after this change the Directory can only be integrated read-only.
Hope that helps,
Robert -
Hello All,
Could anybody please let me know the pros and cons of the SAP CUA and Corporate LDAP?
Please this is urgent
Thanks,
Leena.Hi All,
Can anyone please suggest the advantages/disadvantages of SAP CUA over Corporate LDAP.
I've gone through several threads and a lot has been spoken about it but still I would like to know the pros and cons of each approach so that technical consultants can decide to choose the best as per their landscape.
Please also suggest the differences in terms of complexities and costs incurred in implementing the same.
Thanks & Regards,
Anurag Gwari -
Regarding SAP CUA vs Corporate LDAP for authentication purposes
Hello All:
Could anyone please give more information about SAP CUA and the corporate LDAP? Please suggest which is more advantageous and what is the cost involved in each of these. These are the options for the authentication of SAP Enterprise Portal in our system here. We want to figure out which has more advantages over the other one.
Thanks,
LBueggHello all,
Appreciate your response for this query. We need to figure out the options soon. Its kind of urgent.
Thanks again..
L Buegg. -
Corporate LDAP vs. Call Manager LDAP
Hello
I've been trying to get to a conclusion about this.
My company uses the Call Manager LDAP directory, but now we will upgrade the Call Managers (from 3.3 to version 4.1).
What benefits do we have if we use the Call Manager with the corporate directory (Active Directory) instead of the built-in?Take a look at the following post.
http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Unified%20Communications%20and%20Video&topic=IP%20Telephony&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.1ddc519e
Hope this helps. If so, please rate the post.
Brandon -
Multi-Domain LDAP UME configuration
Hello
We have EP 7.0 installed and want to connect the UME to our Corporate
LDAP (MSADS) as data source.
Our ADS is as follows:
domain.pt u2013 This is our top level domain. Here we have our main users.
Gs.domain.pt u2013 This is a child domain of ren.pt. Here are some special
users that cannot be moved to domain.pt level (because of this we have to
use multi-domain configuration)
According to some documents Step 2 of Note 762419 - Multi-Domain Logon
Using Microsoft Active Directory this configuration as to be done
according to a Multiple-Domain UME LDAP Configuration.
Following is is my configuration of LDAP access:
I have set the u201CUME LDAP Datau201D in Config Tool to point to
the u201CdataSourceConfiguration_ads_readonly_db_with_krb5_multipledomain.xmlu201D configuration file that has been previously change by me following previous documents. The xml is is the end of the message
Also in the u201CUME LDAP Datau201D (Directory Server) I have defined the following settings:
Server Name: dc01.domain.pt (This is the DC of domain.pt)
Server port: 389
User: j2ee-pp3 @domain.pt
Pass: ******* (ok on all configuration tests and authentication)
SSL: NO.
User Path: DC=domain,DC=pt
Group Path: DC=domain,DC=pt
Checked the u201CFlat User Group Hierarchyu201D.
Checked the u201CUse UME Unique id with unique LDAP Attributeu201D.
At u201CAdditional LDAP Propertiesu201D I have set the properties of
ume.ldap.unique_user_attribute(global) and
ume.ldap.unique_uacc_attribute(global) to userprincipalname. This was
done according to the Multi-Domain configuration.
Also ume.ldap.access.multidomain.enabled=true was set the property
sheet of the UME service. After this all checks are ok including in
User Administration in Portal.
Conclusion: We have no problem with SSO and search capabilities
at u201Cdomain.ptu201D level. All users of this domain are able to access the
portal with SSO.
Nevertheless no user from u201Cgs.domain.ptu201D is able to logon. Additionally,
using User Admninistration in Portal with option u201CAll Data Sourcesu201D
returns no results when searching for users from this child domain. It
seems the the configuration file does not recognize gs.domain.pt.
Is it possible that our xml file is incorrectly adapted? Is there any
missing or wrong configuration for multi-domain LDAP access? Please
advice.
Thanks in advance
dataSourceConfiguration_ads_readonly_db_with_krb5_multipledomain.xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- $Id: //shared_tc/com.sapall.security/630_SP_COR/src/_deploy/dist/configuration/shared/dataSourceConfiguration_ads_readonly_db_with_krb5_multipledomain.xml#6 $ from $DateTime: 2004/08/20 09:55:24 $ ($Change: 17140 $) -->
<!DOCTYPE dataSources SYSTEM "dataSourceConfiguration.dtd">
<dataSources>
<dataSource id="PRIVATE_DATASOURCE"
className="com.sap.security.core.persistence.datasource.imp.DataBasePersistence"
isReadonly="false"
isPrimary="true">
<homeFor>
<principals>
<principal type="group"/>
<principal type="user"/>
<principal type="account"/>
<principal type="team"/>
<principal type="ROOT" />
<principal type="OOOO" />
</principals>
</homeFor>
<notHomeFor/>
<responsibleFor>
<principals>
<principal type="group"/>
<principal type="user"/>
<principal type="account"/>
<principal type="team"/>
<principal type="ROOT" />
<principal type="OOOO" />
</principals>
</responsibleFor>
<privateSection>
</privateSection>
</dataSource>
<dataSource id="CORP_LDAP"
className="com.sap.security.core.persistence.datasource.imp.LDAPPersistence"
isReadonly="true"
isPrimary="true">
<homeFor/>
<responsibleFor>
<principal type="account">
<nameSpace name="com.sap.security.core.usermanagement">
<attributes>
<attribute name="j_user"/>
<attribute name="j_password"/>
<attribute name="userid"/>
<attribute name="logonalias"/>
</attributes>
</nameSpace>
</principal>
<principal type="user">
<nameSpaces>
<nameSpace name="com.sap.security.core.usermanagement">
<attributes>
<attribute name="firstname" populateInitially="true"/>
<attribute name="displayname" populateInitially="true"/>
<attribute name="lastname" populateInitially="true"/>
<attribute name="fax"/>
<attribute name="email" populateInitially="true"/>
<attribute name="email"/>
<attribute name="title"/>
<attribute name="department"/>
<attribute name="description"/>
<attribute name="mobile"/>
<attribute name="telephone"/>
<attribute name="streetaddress"/>
<attribute name="uniquename" populateInitially="true"/>
<attribute name="krb5principalname"/>
<attribute name="kpnprefix"/>
<attribute name="dn"/>
</attributes>
</nameSpace>
<nameSpace name="com.sap.security.core.usermanagement.relation">
<attributes>
<attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE"/>
</attributes>
</nameSpace>
<nameSpace name="$usermapping$">
<attributes>
<attribute name="REFERENCE_SYSTEM_USER"/>
</attributes>
</nameSpace>
</nameSpaces>
</principal>
<principal type="group">
<nameSpaces>
<nameSpace name="com.sap.security.core.usermanagement">
<attributes>
<attribute name="displayname" populateInitially="true"/>
<attribute name="description" populateInitially="true"/>
<attribute name="uniquename"/>
</attributes>
</nameSpace>
<nameSpace name="com.sap.security.core.usermanagement.relation">
<attributes>
<attribute name="PRINCIPAL_RELATION_MEMBER_ATTRIBUTE"/>
<attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE"/>
</attributes>
</nameSpace>
<nameSpace name="com.sap.security.core.bridge">
<attributes>
<attribute name="dn"/>
</attributes>
</nameSpace>
</nameSpaces>
</principal>
</responsibleFor>
<attributeMapping>
<principals>
<principal type="account">
<nameSpaces>
<nameSpace name="com.sap.security.core.usermanagement">
<attributes>
<attribute name="domain_j_user">
<physicalAttribute name="samaccountname"/>
</attribute>
<attribute name="j_user">
<physicalAttribute name="userprincipalname"/>
<attribute name="logonalias">
<physicalAttribute name="userprincipalname"/>
</attribute>
<attribute name="j_password">
<physicalAttribute name="unicodepwd"/>
</attribute>
<attribute name="userid">
<physicalAttribute name="null"/>
</attribute>
</attributes>
</nameSpace>
</nameSpaces>
</principal>
<principal type="user">
<nameSpaces>
<nameSpace name="com.sap.security.core.usermanagement">
<attributes>
<attribute name="firstname">
<physicalAttribute name="givenname"/>
</attribute>
<attribute name="displayname">
<physicalAttribute name="displayname"/>
</attribute>
<attribute name="lastname">
<physicalAttribute name="sn"/>
</attribute>
<attribute name="fax">
<physicalAttribute name="facsimiletelephonenumber"/>
</attribute>
<attribute name="uniquename">
<physicalAttribute name="userprincipalname"/>
</attribute>
<attribute name="loginid">
<physicalAttribute name="null"/>
</attribute>
<attribute name="email">
<physicalAttribute name="mail"/>
</attribute>
<attribute name="mobile">
<physicalAttribute name="mobile"/>
</attribute>
<attribute name="telephone">
<physicalAttribute name="telephonenumber"/>
</attribute>
<attribute name="department">
<physicalAttribute name="ou"/>
</attribute>
<attribute name="description">
<physicalAttribute name="description"/>
</attribute>
<attribute name="streetaddress">
<physicalAttribute name="postaladdress"/>
</attribute>
<attribute name="pobox">
<physicalAttribute name="postofficebox"/>
</attribute>
<attribute name="krb5principalname">
<physicalAttribute name="userprincipalname"/>
</attribute>
<attribute name="kpnprefix">
<physicalAttribute name="samaccountname"/>
</attribute>
<attribute name="dn">
<physicalAttribute name="distinguishedname"/>
</attribute>
</attributes>
</nameSpace>
<nameSpace name="com.sap.security.core.usermanagement.relation">
<attributes>
<attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE">
<physicalAttribute name="null"/>
</attribute>
</attributes>
</nameSpace>
<nameSpace name="$usermapping$">
<attributes>
<attribute name="REFERENCE_SYSTEM_USER">
<physicalAttribute name="sapusername"/>
</attribute>
</attributes>
</nameSpace>
</nameSpaces>
</principal>
<principal type="group">
<nameSpaces>
<nameSpace name="com.sap.security.core.usermanagement">
<attributes>
<attribute name="displayname">
<physicalAttribute name="displayname"/>
</attribute>
<attribute name="description">
<physicalAttribute name="description"/>
</attribute>
<attribute name="uniquename" populateInitially="true">
<physicalAttribute name="ou"/>
</attribute>
</attributes>
</nameSpace>
<nameSpace name="com.sap.security.core.usermanagement.relation">
<attributes>
<attribute name="PRINCIPAL_RELATION_MEMBER_ATTRIBUTE">
<physicalAttribute name="null"/>
</attribute>
<attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE">
<physicalAttribute name="null"/>
</attribute>
</attributes>
</nameSpace>
<nameSpace name="com.sap.security.core.bridge">
<attributes>
<attribute name="dn">
<physicalAttribute name="null"/>
</attribute>
</attributes>
</nameSpace>
</nameSpaces>
</principal>
</principals>
</attributeMapping>
<privateSection>
<ume.ldap.access.server_type>MSADS</ume.ldap.access.server_type>
<ume.ldap.access.context_factory>com.sun.jndi.ldap.LdapCtxFactory</ume.ldap.access.context_factory>
<ume.ldap.access.authentication>simple</ume.ldap.access.authentication>
<ume.ldap.access.flat_group_hierachy>true</ume.ldap.access.flat_group_hierachy>
<ume.ldap.access.user_as_account>true</ume.ldap.access.user_as_account>
<ume.ldap.access.dynamic_groups>false</ume.ldap.access.dynamic_groups>
<ume.ldap.access.ssl_socket_factory>com.sap.security.core.server.https.SecureConnectionFactory</ume.ldap.access.ssl_socket_factory>
<ume.ldap.access.objectclass.user>User</ume.ldap.access.objectclass.user>
<ume.ldap.access.objectclass.uacc>User</ume.ldap.access.objectclass.uacc>
<ume.ldap.access.objectclass.grup>organizationalUnit</ume.ldap.access.objectclass.grup>
<ume.ldap.access.naming_attribute.user>cn</ume.ldap.access.naming_attribute.user>
<ume.ldap.access.auxiliary_naming_attribute.user>samaccountname</ume.ldap.access.auxiliary_naming_attribute.user>
<ume.ldap.access.naming_attribute.uacc>cn</ume.ldap.access.naming_attribute.uacc>
<ume.ldap.access.auxiliary_naming_attribute.uacc>samaccountname</ume.ldap.access.auxiliary_naming_attribute.uacc>
<ume.ldap.access.naming_attribute.grup>ou</ume.ldap.access.naming_attribute.grup>
<ume.ldap.access.pwd.via.usercontext>true</ume.ldap.access.pwd.via.usercontext>
<ume.ldap.access.set_pwd>true</ume.ldap.access.set_pwd>
<ume.ldap.access.multidomain.enabled>true</ume.ldap.access.multidomain.enabled>
<ume.ldap.access.extended_search_size>200</ume.ldap.access.extended_search_size>
<ume.ldap.access.domain_mapping>
[DOMAIN_PT;DC=domain,DC=pt]
[GS_DOMAIN_PT;DC=gs,DC=domain,DC=pt]
[gs;DC=DC=gs,DC=domain,DC=pt]
[domain;DC=pt]
</ume.ldap.access.domain_mapping>
</privateSection>
</dataSource>
</dataSources>
Edited by: Joaquim Pereira on Feb 7, 2009 1:34 PMHi Gaetano
I tried to set back the "uniqueid" in the XML to samaccountname.
Also, i changed the spnego to go only to domain.pt (gs.domain.pt is a child domain).
In the 1st tests this worked perfectly, but we still to do some testings with this config.
When i get confirmation, ill reply here.
Thank you.
PS:. we thought on defining the abap user for each user, but there are a lot of users...
we'll try this config, and if it doesn't work, probably, thats what we'll do.
Edited by: Joaquim Pereira on Feb 12, 2009 5:45 PM
Everything seams to be working now. setting back the uniqueid to samaccountname and configuring spnego to go to only 1 domain solved the issue.
I just need to test which change did the trick.
Edited by: Joaquim Pereira on Feb 13, 2009 1:02 PM -
Hi;
I have realize a application which authenticates from LDAP directory, the users and affect profils to them.
Q: which is the best means to feed this directory LDAP (its possible from my web application to modify the LDAP password) in using another application or another LDAP directory, or another solution ?
Regards;Q: which is the best means to feed this directory
LDAP (its possible from my web application to modify
the LDAP password) in using another application or
another LDAP directory, or another solution ?Are you looking to manually update this information or are you looking for a way for users to be able to interactively maintain passwords and admin to maintain roles in real time? Another possibility is keeping seperate corporate ldap and an application ldap instances in sync (ie - user has 1 password for all network apps maintained in corporate ldap, but application ldap has application specific roles and such which cannot be stored in corporate ldap). Clearer definition of exactly what you need here would be useful.
If the first case, there are ldap utilities which work with ldif files to handle this - should be able to google it to come up with what you need - ldapmodify I think.
If you are looking to be able to maintain the data from the application, likely you'll need to figure out your security model and build the interface to update this information. It can be done from the web app, from a standalone utility, or whatever works best for your situation. -
Ldap auth for db app working, same config for websheet not working
Hi forum-
I'm running the following:
Apex version 4.2.1
Listener version 2.0.1
RDBMS version 11.2.0.3
RHEL Linux version 2.6.18-238.5.1.el5
We've been using apex for quite a while (version 3.something) and have been successfully authenticating application logins w/ our corporate LDAP service. I've recently installed the latest version of apex and have been exploring the websheet application (very cool). Using parameters similar to our 3.0 installation, I was able to create a test database application and was able to successfully authenticate w/ our ldap service. Using the same settings (listed below) I'm NOT able to successfully authenticate a websheet login. Here are the (sanitized) settings for the database application:
host: ldap.company.com
port: 389
use ssl: no sll
distinguished name string: CN=%LDAP_USER%,OU=All Users,DC=ad,DC=company,DC=com
use exact distinguished name: yes
ldap username edit function: return ldap_validate (p_username => :USERNAME);
username escaping: standard
and the settings for the websheet application:
logout url: ws?p=102:home (default)
ldap host: ldap.company.com
ldap port: 389
use ssl: no sll
use exact distinguished name: yes
ldap string: CN=%LDAP_USER%,OU=All Users,DC=ad,DC=company,DC=com
ldap username edit function: return ldap_validate (p_username => :USERNAME);
ldap username escaping: standard
cookie name:
cookie path:
cookie domain:
secure: no
Additional info
- the ldap username edit function (ldap_validate) take a login ID and returns the ldap-friendly version via an ldap search
Questions:
1) is there any additional configuration that is necessary for a websheet to use ldap authentication (acls, for example)?
2) is there any useful logging where i determine why the login is failing?
3) has anyone gotten this working and can share their config with me?
Many thanks-
-joshAny thoughts?
-
SLD error after LDAP integration
Hello All,
I integrated Corporate LDAP with EP 7.0 ,after that I have SLD error when I click on the ESS tab which says:
Caused by: com.sap.tc.webdynpro.services.exceptions.WDRuntimeException: Failed to resolve JCO destination name 'SAP_R3_SelfServiceGenerics' in the SLD. No such JCO destination is defined in the SLD.
When I go to content Admin->Webdynpro ,the SLD service is stopped and the 'Maintain Jco's' tab is greyed out.
This keeps on happening regularly.
When I go to the SLD log it says 'Server certificate rejected by ChainVerfier' ,I wonder if we need to implement SSL when we have the turned LDAP on.
Any help would be really appreciated
ThanksHi Subhash,
I think u didnt configure your SLD properly.
open this link
Configuring SLD in Sneak Preview SAP NetWeaver '04 Sneak
which gives the porcedure to configure SLD
for JCO destinations
http://help.sap.com/saphelp_nw04/helpdata/en/77/931440a1c32402e10000000a1550b0/frameset.htm
Administration manual->server administration->Administration/Configuration of Web Dynpro Runtime Environment ->Web Dynpro Content Administrator
rgds
srinivas -
LDAP failover - what happens when the primary LDAP server returns...?
Hi,
Got a question regarding LDAP failover...
I`m running IMS5.2hf2.09 and when our corporate LDAP server has a hiccup the IMS box succesfully fails over to the next one according to the 'local.ugldaphost' configutil entry and the following entry is recorded in the http log:
[05/Feb/2006:21:00:02 -0500] ******** [29882]: General Error: ldappool: ldap1.***.***.*** : Can't connect to the LDAP server - failover to ldap2.***.***.***However my question is when does it recover back to the original LDAP server (ldap1) or does it stay on the failover LDAP server (ldap2) until that has a problem and so on? In this instance (where it has failed over to ldap2) there are no other log entries saying it has returned back to the original LDAP server (ldap1) yet NETSTAT shows LDAP connections to ldap1.
Our LDAP team have got some changes planned and so I want to understand the failover process better.
Thanks,
Tom
iPlanet Messaging Server 5.2 HotFix 2.09 (built Nov 18 2005)
libimta.so 5.2 HotFix 2.09 (built 10:35:58, Nov 18 2005)
SunOS ******** 5.8 Generic_108528-19 sun4u sparc SUNW,Ultra-80Thanks Jay - that makes quite a difference!
Our failover LDAP server (ldap2) is over in Asia so if the primary LDAP server (ldap1 in US) has a hiccup - ALL LDAP traffic is going to go to Asia until ldap2 has a problem.
The majority of our IMS servers are in the US so I guess we`ll need to watch out for delays whilst in failover mode. -
We want to use a Microsoft Active Directory LDAP to authenticate buy-side users. We have configured the buy-side directory for LDAP - Microsoft Active Directory but when we do the Test -> Configuration we get a communicatiion error. This is a read-only LDAP and all we want to do is authenticate the buy-side users from the corporate LDAP.
It seems that regardless of the Driver Configuration Features and Controls settings, we still get the error but in some cases the user id needs to be entered and in other cases we have to manually add the lookup parameters. Also, if a wild card is used for the search, it still gets the error. The only thing we see in the application fpa_*.log is 'search failed'.
The active buy and sell side directory configurations are using the Local driver and are working OK. However, we need to get the LDAP working before we can go live on production.
Does the directory need to be active before the configuration test will work? Are there any other logs besides the application (fpa*.log) logs in /FCI_HOME? Are there any other Properties or Attributes Mapping that need to be set? Any help would be appreciated.
WLHi Wayne,
I just completed configuring LDAP authentication on my E-Sourcing box. I have pointed the system to the corporate Microsoft Active directory being read-only
I would suggest looking at the following points.
a) Host and Port : Make sure the host name is accessible from the E-Sourcing system. Port needs to be 389 for standard and 636 for SSL
b) Base DN : You should get hold of the base dn (Directory name) for instance ou=Users,dc=mycompany,dc=com
c) Directory user name : Provide a user name with domain name to authentication (Mandatory if the active directory requires authentication) For example - mydomain\user_name
d) Directory Password : Provide the password for the user provided in (c)
e) Base Search DN : Retain the same entry as in Base DN
f) On the properties tab of directory configuration, change the domain_dn value to match Base DN
For all other entries retain the out of box Active directory Buyside directory configuration that is provided.
LDAP should start working without a problem
Regards,
Balaji -
How to connect Essbase/Shared Services 11.1.1.1.3 to LDAP
Hi,
I just installed Essbase 11.1.1.1.3 with Shared Services. I have never connected it to a corporate LDAP environment before. I remember in the past version 6/7 etc.. there was a CSS file that needed edited. Is that still the case or do I have to go into Shared Services and configure etc...
ThanksHi,
You configure it all through shared services, have a read of :- http://download.oracle.com/docs/cd/E12825_01/epm.111/epm_security/ch05s05.html
Cheers
John
http://john-goodwin.blogspot.com/ -
I want to see the LDAP set up for EP 6.0 sp2
Hi,
I want to see the LDAP set up for EP 6.0 sp2.
And also the see the entries under portal and corporate LDAP.
Kindly let me know at the earliest.
SwethaAre you talking about datasource of EP or LDAP connectors?
-
Still LDAP server not responding when add to authentication search path ...
Howdy All,
I still have an OS X Server 10.5.6 (running Open Directory with its own Master directory) that when configured to connect to a corporate LDAP server indicates the server is responding fine, but when I add the server to the authentication search path, the server is no-longer responding.
I suspect this may mean the LDAP server is choosing to no-longer respond? Is it possible that the LDAP server could have my machine / IP address "black-listed" in some way? I have asked corporate IT but they didn't seem to think so (although I was queried before about repeated connect attempts).
Somewhat strangely I can configure a laptop client (OS X 10.5.6) to connect to the same LDAP server from an Ethernet port on the same LAN and it works fine. However, when I connect this laptop to the LAN through my server (WiFi NAT) I get the same issue as described above.
I don't have the firewall on the server turned on, I have played around with some certificates on the server, but have set "TLS_REQCERT never" in the ldap.conf file on the server (and client) as suggested by corporate IT. I have Kerberos running on the server and all else seems fine on the server.
Can anyone suggest what may be causing this? Or how I can debug the problem?
Thanks in advance.
Cheers,
Ashley.Hi Jeff,
Thanks for your post. That said, I'm not sure how you got the impression that I wish to go to Maine I'm happy here in Perth, Western Australia.
Jeff Kelleher wrote:
Connecting a Mac to an LDAP server is a far cry from connecting a OS X Server to an existing LDAP server. Not that I could necessarily help, but asking how to connect an OS X Server to an LDAP server is a bit like asking "guess where I am now, how do I get to Maine?"
You need to provide as much info as you can.
Seriously though, I'm not sure of the difference. I am using Directory Utility to allow this OS X Server to get authentication information from an LDAP server just like an OS X Client would.
I have Open Directory in Server Admin just setup to connect to a directory system (i.e. the organisation LDAP server), not a master or replica.
My final goal is to allow access to an OS X TeamsServer Wiki by users who are authenticated against the LDAP server (rather than having to have separate accounts, logins, on the OSXS.)
I am hoping that I can use a group from the LDAP server to define the team, but perhaps I will have to run a standalone OD. I hope then I can add LDAP users to the OD group.
What other information would help?
Thanks,
Ashley.
OS X Server 10.5.6 -
Hi Experts,
I am looking an good article or example to configure the LDAP server configure ( to create an provider and configure the LDAP server configure) in OBIEE11g. There are few round about articles, but I am interested to providing corporate LDAP server authentication to my OBIEE11g server.
Thanks in Advance
SivaNot exactly an error.. I created an new provider with type as 'LDAP Authentication Provider' and in the configuration I had supplied the following values ....
Host : ldap.mycompany.com (*mycompany name is confidential here...)
port : 389
User Base DN : ou=people,ou=us,o=xxxxxx ( again, the value for o is confidential)
The above values are provided by internal team and were being used for 10g , where it use to work fine. but not in 11g
After creating the provider, and activate the changes. When I am trying to login in OBIEE11g presentation services it is giving invalid username and password.
Thanks
S
Maybe you are looking for
-
Hi All, I am new to SRM . please help me to find badi's for below questions. Only Goods item type is allowed for Intercompany PO recharges and specific error handling must be built. Mixture of Intercompany PO recharges and IPO items is not allowed wi
-
How can You create a rescue email if you already have an Apple ID/account?
I didn't think about it, thought I didn't need it, but now I know. I forgot my security answers, and I keep getting locked. I need a way to create a rescue account if I already have an Apple ID/account. I won't click on any links unless it directs me
-
Firefox 3.5 for Mac not loading Apple Website
Just wondering why the Apple website won't load at all in Firefox 3.5 for Mac. It works fine in Safari. But not at all in Firefox. It's the only website I know that flat out won't load in Firefox. I want my movie trailers back.
-
Hi, I'm trying to join some tables in one report. I was successful with it, until I added one table which has many records for one primary key in the main table. I used Order by and Limit to select only the latest row, but then I got this error: Quer
-
Do we really need the iFlick app to insert movie artwork into iTunes library?
As I noticed (many) earlier threads on this subject, this appears to be a recurring problem in iTunes. I have read that adding artwork to movies in iTunes could be done in 2 ways: - dragging the picture file to the preview pane of a playing movie - r